日志:
异常:
多行合并:
异常:
多行合并:
### Multiline options
# Mutiline can be used for log messages spanning multiple lines. This is common
# for Java Stack Traces or C-Line Continuation
# The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
multiline.pattern: '^[[:space:]]'
# Defines if the pattern set under pattern should be negated or not. Default is false.
multiline.negate: false
# Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
# that was (not) matched before or after or as long as a pattern is not matched based on negate.
# Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
multiline.match: after日志和filebeat同时运行时,收集到的就会出现以上异常。停用filebeat时,日志文件增加后,再收集增加的量时,收集解析正常。采用filebeat6.0.0 Windows版本,收集Windows xp/Winodws 2003任务计划日志
0 个回复